← Back to Skills Marketplace
liujintao-2021

Static Server

by liujintao-2021 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
452
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install static-server
Description
Start a local HTTP server to preview static HTML pages. Use when testing static pages, previewing HTML files, or when browser tools cannot access file:// URL...
Usage Guidance
This skill is functionally coherent and contains no credential or install requirements, but take these precautions before using it: - Network exposure: the script binds to all interfaces (0.0.0.0) even though it advertises 'localhost'. If you only want local access, modify the bind to 127.0.0.1 (e.g., socketserver.TCPServer(('127.0.0.1', port), Handler)) or use an equivalent API that allows binding to localhost. - Do not serve directories containing secrets (SSH keys, config files, .env files). The server serves the whole directory tree you point it at. - Run as an unprivileged user and pick a non-conflicting port. Confirm your firewall or NAT does not forward the chosen port to the public internet. - If you cannot change the script, prefer running it from a dedicated temporary directory containing only files you intend to expose. If you accept the small change to bind only to localhost and follow the precautions above, the skill is reasonable for local static previewing. Otherwise, treat it as potentially exposing files on your local network.
Capability Analysis
Type: OpenClaw Skill Name: static-server Version: 1.0.0 The `scripts/serve.py` file uses `os.chdir(directory)` to change the current working directory to a user-provided path before starting an HTTP server. While this is standard for `http.server.SimpleHTTPRequestHandler` to serve content from a specific location, it creates a significant local file disclosure vulnerability. If an attacker can manipulate the `path` argument (e.g., via prompt injection against the agent) to point to sensitive directories like `/` or `/home/user`, local files could be exposed to anyone connecting to the localhost server. There is no evidence of malicious intent (e.g., exfiltration, persistence) in the code or the `SKILL.md` instructions, but the capability for unintended file exposure makes it suspicious.
Capability Assessment
Purpose & Capability
Name, description, SKILL.md, and the included scripts all align: the skill is a small Python static-file server for previewing HTML. However, the code binds to all interfaces (socketserver.TCPServer(('', port))) while the description repeatedly refers to 'localhost' URLs; this is a notable mismatch between the claimed 'local-only' purpose and the actual network binding.
Instruction Scope
Instructions are limited to starting the server, opening a browser, and killing the process—appropriate for the stated purpose. Concern: the examples assume local-only access (http://localhost:PORT) but the server listens on all interfaces, which may expose served files to other hosts on the network. Also the alternative one-liner (python -m http.server) similarly defaults to listening on all interfaces in many environments.
Install Mechanism
No install spec; this is an instruction-only skill with a small included Python script. Nothing is written to disk by an installer and no external downloads are performed.
Credentials
No environment variables, credentials, or config paths are requested; the skill's requirements are minimal and proportionate to a local static server.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default but is not combined with other concerning privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install static-server
  3. After installation, invoke the skill by name or use /static-server
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Python HTTP server for static HTML preview
Metadata
Slug static-server
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Static Server?

Start a local HTTP server to preview static HTML pages. Use when testing static pages, previewing HTML files, or when browser tools cannot access file:// URL... It is an AI Agent Skill for Claude Code / OpenClaw, with 452 downloads so far.

How do I install Static Server?

Run "/install static-server" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Static Server free?

Yes, Static Server is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Static Server support?

Static Server is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Static Server?

It is built and maintained by liujintao-2021 (@liujintao-2021); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments